CVE-2026-8501
Improper Access Control in PCTCore64.sys Windows Kernel Driver
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pc_tools | internet_security | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8501 is a vulnerability in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security. The driver improperly controls access to its device interface, allowing any user-mode process to interact with it and invoke privileged IOCTL commands without proper restrictions.
This flaw enables a local attacker who can access or load the vulnerable driver to perform sensitive and privileged operations on the system by exploiting the exposed interface.
Exploitation can include actions such as system-wide handle enumeration, cross-process handle manipulation, credential extraction from critical processes like lsass.exe, and forced termination of arbitrary processes, including those protected by Protected Process Light (PPL).
Although the PC Tools Internet Security product was discontinued in 2013, the driver remains signed and exploitable.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can lead to serious security impacts including credential theft, defense evasion, privilege escalation, and broader system compromise.
- Credential theft by extracting sensitive information from protected processes.
- Defense evasion by manipulating system handles and processes.
- Privilege escalation allowing attackers to gain higher system privileges.
- Forced termination of arbitrary processes, including those with protection mechanisms.